Unique inquiry about VPN encryption
This came up recently after about four months of using my own private VPN. I rent a VPS from providers like 100up, OVH, and currently run it via VirMachine. I opt for the more affordable choice because it fits my requirements. I rely on SoftEther VPN since OpenVPN seems unreliable for me. I set the encryption to AES-256, but I’m curious—does the company hosting my VPS monitor my network traffic? If they did, would everything be encrypted as well? I’ve turned off logging on both my client and server, and I’m using the “wipe” app on Ubuntu 16.04 to clear connection logs every few days. I’m not engaging in anything illegal, but if I’m using their VPS as a VPN, why would I trust them with all my data instead of something like Xfinity? In short, does AES-256 encryption on SoftEther VPN allow my VPS provider to see my online activity?
With a VPN you shift the source of trust to another location. You rely on the VPN service to conceal your internet activity from your local ISP at home, hotel, or café. Once your data travels beyond the VPS to the wider web, it loses encryption except for basic connection protection such as HTTPS. Files stored on the device remain unprotected unless you configure the operating system to use encrypted storage. If the decryption key is required each time the VPS boots, anyone who obtained the raw data could potentially decrypt it.
The details sent from your VPS to the internet are handled by your provider. They can view any unencrypted data coming from outside, especially when using KVM. In your earlier comment, you mentioned no logs are left on the VPS, and only connection logs or port scan attempts are recorded. However, you use a tool called Wipe to wipe that information regularly every few days.
Installed WireGuard VPN and started using it. It performs better than OVPN.
Your VPS service can certainly examine or record the network traffic going to and from your VPS, but they should only do this if a court order authorizes it—this is comparable to a wiretap on a phone line, except the legal system typically doesn’t consider monitoring internet traffic as private as intercepting a phone call. The same rule applies to the ISP your VPS provider uses directly. In certain cases, your traffic might be intercepted if another VPS running on the same server engages in illegal activity.
No clear method exists to fully encrypt it for everyone, as current systems have limitations.
Your internet traffic—including IP addresses, ports, and unencrypted data like DNS or HTTP—must be decrypted somewhere to function properly. This means you need to rely on others. Even with TOR, this isn’t fully secure since your ISP or VPS provider can still detect traffic going to TOR. To go fully encrypted, you must understand the underlying technologies and study them at a fundamental level. You shouldn’t hesitate to ask technical questions if you can’t answer them yourself. You don’t need to create every encryption layer yourself, but you must grasp how each component operates. Criminals get caught when they miss small details, such as embedding images on TOR pages using non-TOR addresses or sending unencrypted emails just once. I’m not concerned about your motivation for encryption and privacy; there are solid, practical reasons, but it’s pointless if you won’t commit to doing it properly.
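An added illustration of the point in the reply above that DNS and HTTP leave the VPS unencrypted (not code from any poster in this thread): it parses constructed sample packets the way an observer on the VPS host's network could, and treats everything else, including the AES-256 tunnel traffic, as opaque. The function names, hostnames and payloads are assumptions made for the example.

```python
import struct

def build_dns_query(name, qid=0x1234):
    """Build a minimal DNS A-record query (constructed sample input)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def dns_qname(payload):
    """Extract the queried hostname from a DNS query payload."""
    pos, labels = 12, []          # the question section starts after the 12-byte header
    while payload[pos] != 0:
        n = payload[pos]
        if n & 0xC0:
            raise ValueError("compressed name not expected in a query")
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def http_summary(payload):
    """Return 'METHOD host/path' from a plaintext HTTP/1.1 request."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
    host = next((v for k, v in headers.items() if k.lower() == "host"), "")
    return f"{method} {host}{path}"

def observe(dst_port, proto, payload):
    """What can be read from one packet leaving (or reaching) the VPS."""
    if proto == "udp" and dst_port == 53:
        return "dns", dns_qname(payload)
    if proto == "tcp" and dst_port == 80:
        return "http", http_summary(payload)
    # Tunnel or TLS traffic: addresses, ports and sizes are visible, content is not.
    return "opaque", f"{len(payload)} bytes"

# Constructed sample traffic, not a real capture.
SAMPLES = [
    (53, "udp", build_dns_query("example.com")),
    (80, "tcp", b"GET /login?user=alice HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    (443, "tcp", bytes(range(64))),   # stands in for encrypted tunnel/TLS bytes
]

if __name__ == "__main__":
    for port, proto, data in SAMPLES:
        print(port, proto, observe(port, proto, data))
```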
Currently, I remove all IP-related logs from the machine, including VPN connections and SSH activity. Does this action restrict the company’s ability to view the IP address of the machine on their network management system, or does it actually improve visibility?